-
Title
Block Access Template inheritance on an OU without effecting the parent OU or root container -
Description
When attempting to block the Access Template inheritance on an Organizational Unit (OU) by deselecting the Child objects of this directory object or by checking Immediate child objects only.
-
Cause
When blocking inheritance on a child OU for a delegated User/Group's Access Template, it will block all the way up the chain. One would have to set a delegation at the top level and define it as This directory object, and uncheck Child objects of this directory object or leave it checked and use Immediate child objects only, and then define a separate delegation on each OU. Notice when looking at a lower level OU or container, when doubling clicking on delegated permission / Access Template under the General tab, that Directory object: is still showing the root level object (the object the delegation was actually linked to) and not the object OU that is selected. This effects the root object when choosing / unchecking Child objects of this directory object.
-
Resolution
Instead of blocking inheritance for the Access Templates, use the Builtin Special - Block Permission Inheritance Access Template on the OU/Container object to block inheritance for any delegated User, or Group from that point forward (down the chain) without blocking it back up the chain.
